Security News > 2020

The U.S. Cyber Command's campaign to hack ISIS and disrupt its media operations faced some challenges, including a lack of data storage, but ultimately proved successful, according to government documents from 2016 that were made public Tuesday. The heavily-redacted documents published by the National Security Archive, a not-for-profit research organization, show that U.S. Cyber Command was not prepared to handle the amount of information it collected when it hacked ISIS. The command, which is part of the U.S. Defense Department and includes units from all military branches, also faced problems with interagency coordination and the lengthy process of vetting ISIS cyber targets.

Microsoft has today announced a data breach that affected one of its customer databases. The company informed Microsoft, and Microsoft quickly secured the data.

The new guidelines, explained on a media call last Thursday and in a press release last Friday, say the FBI will notify a state's chief election official and other local election workers in the event of any cyberattack. "Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure," the FBI statement said.

The mobile phone of Amazon CEO Jeff Bezos was hacked using a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have reportedly found. Hackers stole sensitive information from Bezos' phone "Within hours" of the hack, according to a digital forensic analysis of Bezos' phone conducted by FTI Consulting, a Washington-based business advisory group.

Coalition, a San Francisco-based cyber insurance provider for SMBs, on Wednesday announced that it has acquired internet scanning and threat intelligence services provider BinaryEdge. Coalition is backed by insurers Swiss Re Corporate Solutions, Lloyd's of London, and Argo Group, and it provides customers in the United States up to $15 million of cyber and technology insurance coverage.

Independent UN rights experts said Wednesday they had received information that Amazon owner Jeff Bezos's phone was hacked through a WhatsApp account belonging to Saudi Crown Prince Mohammad bin Salman. "The alleged hacking of Mr Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities," UN Special Rapporteurs Agnes Callamard and David Kaye said in a statement in Geneva.

Britain's main anti-hacker law, the Computer Misuse Act 1990, is "Confused", "Outdated" and "Ambiguous", according to a group of pro-reform academics. A report launched this morning by the Criminal Law Reform Now Network described a "Range of measures to better tailor existing offences in line with our international obligations and other modern legal systems" in a call for the 30-year-old Act to be overhauled.

The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with "More powerful features, posing even higher risk," Microsoft researchers are warning. Starslord, a downloader that installs itself to the system, connects to a remote server, and downloads additional malware onto the infected system.

Cyber threat detection provider Intezer this week announced it has raised $15 million in a Series B funding round. The new funding, Intezer CEO and Co-founder Itai Tevet says, will be used to accelerate sales growth and expand into the threat protection market.

Cybersecurity researchers are sounding the alarm about Emotet, a powerful email malware that is now being used to attack U.S. government and military targets. "We track it heavily, as it's continuing to spin up and send out email messages, we pick up on that quickly. Emotet is everywhere. I see Emotet infections and Emotet traffic happening all the time. It's an opportunistic threat, so as it comprises a system, harvest email addresses off of it and use other email addresses to attack."